Proxmox utilizes bridge networking in order to offer internet access to virtual machines. Furthermore, we need a public IP for each machine. In case we have access to only a certain number of IPs, we can utilize NAT in order to access the Internet on the machines.
However, it is recommended to have a static public IP while running public services. So, let’s take a look at how to set up NAT on Proxmox to offer private networks to virtual machines.
This process involves the following steps:
- Create a bridge
- Bring up the NAT bridge
- Configure Virtual Machine
- Port forwarding to access from the outside world
- Setup NAT on Proxmox: Create a bridge
First, we will log in to the proxmox host ssh and run the following command:
nano /etc/network/interfaces
This command opens up the network configuration file.
# network interface settings; autogenerated # Please do NOT modify this file directly, unless you know what # you're doing. # # If you want to manage parts of the network configuration manually, # please utilize the 'source' or 'source-directory' directives to do # so. # PVE will preserve these directives, but will NOT read its network # configuration from sourced files, so do not attempt to move any of # the PVE managed interfaces into external files! auto lo iface lo inet loopback auto enp4s0 iface enp4s0 inet manual post-up iptables-restore < /etc/iptables.up.rules auto vmbr0 iface vmbr0 inet static address AA.BB.CC.DD/28 gateway AA.BB.CC.GG bridge-ports enp4s0 bridge-stp off bridge-fd 0
Next, paste the following at the end of the configuration file:
auto vmbr1 #private sub network iface vmbr1 inet static address 192.168.1.1 netmask 255.255.255.0 bridge_ports none bridge_stp off bridge_fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
Here, vmbr0 is the bridge name for NAT while vmbr1 is the interface configured on the network file. We are setting bridge_ports
to none as we are not connecting to the outside world directly.
- Setup NAT on Proxmox: Bring up the NAT bridge
The next step involves using the command below to bring up the bridge we configured in the previous section:
ifup vmbr2
- Setup NAT on Proxmox: Configure Virtual Machine
This step involves configuring the virtual machine using the IP address. As There is no DHCP service we have to set a manual configuration.
- IP: 192.168.1.2
- Netmask: 255.255.255.0
- Gateway: 192.168.1.1
We can use the following IPs for further virtual machines: 192.168.1.3 – 192.168.1.254 & Google DNS for DNS: 8.8.8.8 and 8.8.4.4
- Setup NAT on Proxmox: Port forwarding to access from the outside world
If we are working with a Linux guest, we can access ssh through the public IP of the main server. In this scenario, we will run the following command on proxmox host.
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3033 -j DNAT --to 192.168.1.2:22
In this example, we are forwarding host port 3033 to guest port 22. After that we will run the command below in order to access guest SSH:
ssh -p 3033 [email protected]
This command will prompt for the password. Once we enter the password, we can successfully connect to guest SSH.
